https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign

On Mon, Jul 4, 2016 at 1:23 AM, Arthur Chen <arthur.chen@btcc.com> wrote:

> I strongly agree!
> In crypto we should always follow well-studied open standard rather than
> custom construction.
>
> On Fri, Jul 1, 2016 at 10:42 PM, Zooko Wilcox via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> I haven't been able to find the beginning of this thread, so apologies
>> if I've misunderstood what this is for, but it _sounds_ like we're
>> re-inventing HKDF.
>>
>> I'd recommend reading the paper about HKDF. It stands out among crypto
>> papers for having a nice clear justification for each of its design
>> decisions, so you can see why they did it (very slightly) differently
>> than the various constructions proposed up-thread.
>>
>> https://eprint.iacr.org/2010/264
>>
>> Also, of course, it is a great idea to re-use a standard
>> (https://tools.ietf.org/html/rfc5869) and widely-understood crypto
>> algorithm to reduce risk of both cryptographer errors and implementor
>> errors.
>>
>> Of course, the cost of that is the you sometimes end up computing
>> something that is a tiny bit more complicated or inefficient than a
>> custom algorithm for our current use case. IMHO that's a cheap price
>> to pay.
>>
>> Regards,
>>
>> Zooko
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
>
>
> --
> Xuesong (Arthur) Chen
> Senior Principle Engineer
> BlockChain Technologist
> BTCC
>



-- 
Xuesong (Arthur) Chen
Senior Principle Engineer
BlockChain Technologist
BTCC